Replacing BIND with unbound (Was: Re: Pull in upstream before 9.1 code freeze?)
Avleen Vig
avleen at gmail.com
Mon Jul  9 07:34:37 UTC 2012

On Sun, Jul 8, 2012 at 11:26 PM, Doug Barton <dougb at freebsd.org> wrote:
> On 07/08/2012 23:16, Avleen Vig wrote:
>> On Sun, Jul 8, 2012 at 10:51 PM, Doug Barton <dougb at freebsd.org> wrote:
>>> On 07/08/2012 22:43, Avleen Vig wrote:
>>>> It would be silly not to keep bind-tools in base.
>>>
>>> Sounds easy, but not so much in practice. Keeping any of the code
>>> doesn't solve the problem of the release cycles not syncing up. And for
>>> the vast majority of users' needs the tools we will import will be more
>>> than adequate.
>>
>> The question I keep asking myself is:
>>   "Is this best for the users?"
>
> Carrying BIND code in the base that is past EOL is not good for the
> users, period. Everything else we're discussing is an implementation
> detail.

I think the "everything else we're discussing is an implementation
detail" is the part we'll have a problem with.
Although Garrett's reply to my email makes sense too.

>> Linux has `nscd` which is a nice caching resolver, but most
>> distributions still carry bind-tools in the default install.
>
> A) You're wrong about "most." and B) The Linux distros have a default
> set of packages. There is no "base" like there is in FreeBSD. (Thus,
> your analogy is flawed.)

That's not *really* true, there is a "base" like FreeBSD, but what we
consider core userland tools like `ls`, come in a package (coreutils).

> That said, I still believe that our idea of what should, and should not
> be, in the base system is seriously flawed, and needs to be completely
> redone. But that's never going to happen, so I'm trying to work with
> what we've got.

Agreed. The idea of a "minimally functional system" itself might be
flawed. Do you consider having `dig` and `host` essential in a
minimally functioning system? I do.
It's pretty f'king hard to resolve problems with installing the
bind-utils port, if you don't know how to test your DNS :-)

The issue is also one of barrier-to-entry. By removing `dig` and
`host`, I think we're making things unnecessarily more difficult for
people who don't *know* FreeBSD. `dig` and `host` are universally
standard tools for doing DNS lookups. Taking them away in base to
replace them with something else just seems like something that won't
really *help* users.

Yes, I'm going to be a stickler and say that having EOL code in base
isn't the end of the world. It's not ideal, but really.. what is it
breaking?
If there's a security vulnerability, sure, I understand that it might
suck without support from ISC to patch dig/host/nslookup, but when was
the last time that happened?
    
    